[Users] CVE-2018-14634

Vasily Averin vvs at virtuozzo.com
Thu Sep 27 23:49:02 MSK 2018


On 09/26/2018 02:28 PM, Vasily Averin wrote:
> Dear José Manuel,
> thank you for this notification.
> We know about this problem.
> For Vz6 I'm waiting for the new RHEL6 kernel with the fix,
> I expect it should be released today or tomorrow,
> otherwise I'll backport the fixes from the RHEL7 kernel.
> The openvz6 kernel will be released right after the release of the vz6 kernel.
> 
> For Vz7 we're preparing a ReadyKernel livepatch.

ReadyKernel patch version 62.2-1.vl7 was published;
the announcement and description on readykernel.com will be updated tomorrow morning.

> On 09/26/2018 12:57 PM, José Manuel Giner wrote:
>> We need a patch for OpenVZ kernel
>>
>> A serious security vulnerability has been found within the Linux Kernel nicknamed "Mutagen Astronomy" that affects CentOS, RHEL and possibly others. This exploit would allow an attacker to exploit a flaw in any SUID-root binary to easily obtain full root privileges.
>>
>> It is recommended that users take the necessary precautions immediately. RedHat has already released mitigation instructions referenced below.
>>
>> Reference(s):
>> ------------
>>
>> https://access.redhat.com/security/cve/cve-2018-14634
>>
>> https://www.qualys.com/2018/09/25/cve-2018-14634/mutagen-astronomy-integer-overflow-linux-create_elf_tables-cve-2018-14634.txt
>>
>> -- 
>> José Manuel Giner